Legal

Data Processing Addendum

Last updated

This Data Processing Addendum ("DPA") forms part of the Terms of Service between you (the "Controller") and Weaver (the "Processor") and reflects the parties' agreement on the processing of personal data.

1. Scope & roles

This DPA applies where Weaver processes personal data on your behalf in connection with the Service. You are the controller and Weaver acts as a processor, processing personal data only on your documented instructions.

2. Nature of processing

The subject matter is the provision of the Service. The duration, nature, and purpose of processing, the types of personal data, and the categories of data subjects are as described in your use of the Service and any order form.

3. Our obligations

  • Process personal data only on your documented instructions.
  • Ensure personnel authorized to process data are bound by confidentiality.
  • Assist you, where feasible, in responding to data-subject requests.
  • Notify you without undue delay after becoming aware of a personal-data breach.

4. Sub-processors

You authorize Weaver to engage sub-processors to support the Service. The current list is maintained on our Sub-processors page. We remain responsible for the performance of our sub-processors' obligations.

5. Security measures

Weaver maintains technical and organizational measures designed to protect personal data, including tenant isolation enforced at the data layer, encryption in transit, and scoped access. These measures are described further on our Security page.

6. International transfers

Where personal data is transferred across regions, we rely on appropriate safeguards as required by applicable law. The processing regions of our sub-processors are listed on the Sub-processors page.